l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
July 21: Defensive computing: Information security for individuals
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2001 Dec 30 17:01

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] ssh/telnet security question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] ssh/telnet security question



On Tue, 6 Feb 2001, Jan Wynholds wrote:

> A while back, there was some mention (I think it was
> Pete) of using telnet and ssh.
> 
> Here is what I remember:  If you use client A to
> contact telnet server B, then ssh from B to ssh server
> C, then the transmissions from A to B,

exposed

> and from B to C

not exposed, but since everything going through B to C is exposed at A to
B, B to C might as well be exposed.

> all become subject to cracking/sniffing.  I have a
> question about another case.  What if A and B are on a
> firewalled/masqueraded (and the configuration of both
> is secure) local net, while C exists somewhere out on
> the internet.  Are the transmissions from (A to B and)
> B to C still at risk for cracking/sniffing?  

No.

> 
> My guts tell me no (b/c of the masq/firewall), but I
> am very new to this sort of analysis.  

Now you are not quite so new. :)

> 
> If nobody knows, would this be a suitable question for
> Dr. Bishop tonight?

mm... well, you have to learn one way or another. While I might hope he
didn't have to spend too much time answering questions like this, in the
proper context it could make a lot of sense.  I was familiar with many
(but not all) of the tricks Mark used in his account of his cracking
assignment, but the way he used them together made reading about it
interesting, and I might not have learned about the unfamiliar bits
without seeing his whole account.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
Work:<JeffN@endecon.com>              Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.